Getting Friendly with WinDbg

Getting Friendly with WinDbg 1 김지훈 (Ji-hun Kim) ZUMinternet 2013. 11. 29.

Upload: ji-hun-kim

Post on 04-Sep-2014

DESCRIPTION

http://devgrapher.com

TRANSCRIPT

  • Slide 1: WinDbg ZUMinternet 2013. 11. 29.

  • Slide 2: WinDbg??
    MS Windows Debugger
      - Kernel Mode Debugging
      - User Mode Debugging
      - Post-mortem Debugging

  • Slide 3: WinDbg !

  • Slides 4-7: (no transcript text)

  • Slide 8: !analyze -v

        FAULTING_IP:
        dumptest1!SecondThreadFunc+4f [c:\users\devgrapher\documents\visual studio 2010\projects\dumptest1\dumptest1.cpp @ 15]
        00a0146f 031481          add     edx,dword ptr [ecx+eax*4]

        EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
        ExceptionAddress: 00a0146f (dumptest1!SecondThreadFunc+0x0000004f)
           ExceptionCode: c0000005 (Access violation)
          ExceptionFlags: 00000000
        NumberParameters: 2
           Parameter[0]: 00000000
           Parameter[1]: 000d9000
        Attempt to read from address 000d9000

        DEFAULT_BUCKET_ID:  INVALID_POINTER_READ
        .
        STACK_COMMAND:  ~1s; .ecxr ; kb
        .
        .

  • Slide 9: DEFAULT_BUCKET_ID
    INVALID_POINTER_READ, APPLICATION_HANG, HEAP_CORRUPTION, BAD_INSTRUCTION_PTR, STATUS_BREAKPOINT.

        DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

  • Slide 10: STACK_COMMAND
    Stack

        STACK_COMMAND:  ~1s; .ecxr ; kb

  • Slide 11: ~1s (switch)
    ~ :

        0:001> ~
           0  Id: 2060.b34 Suspend: 0 Teb: 7efdd000 Unfrozen
           1  Id: 2060.1e04 Suspend: 0 Teb: 7efda000 Unfrozen

    ~[]s :
    ~1s : 1

  • Slide 12: .ecxr (Exception Context Record) .

  • Slide 13: kb
    Stack
    k : k[b|p|P|v]

        0:001> kb
         # ChildEBP RetAddr  Args to Child
        00 00b1feec 6f85a273 000d87f0 c81c2e95 00000000 dumptest1!SecondThreadFunc+0x4f
        01 00b1ff28 6f85a204 000d8c08 00b1ff40 7592336a MSVCR100D!_beginthreadex+0x243
        02 00b1ff34 7592336a 000d8c08 00b1ff80 775e9f72 MSVCR100D!_beginthreadex+0x1d4
        03 00b1ff40 775e9f72 004c8d80 76f645d5 00000000 kernel32!BaseThreadInitThunk+0xe
        04 00b1ff80 775e9f45 6f85a180 004c8d80 00000000 ntdll!__RtlUserThreadStart+0x70
        05 00b1ff98 00000000 6f85a180 004c8d80 00000000 ntdll!_RtlUserThreadStart+0x1b

    EBP

  • Slide 14: dv (Display Local Variables)

        0:001> dv
                      i = 0n516
                  param = 0x000d87f0
                    sum = 0n1997962443
                    arr = 0x000d87f0

  • Slide 15: !address [] []

        0:001> !address 0x000d87f0
        Usage:                  Heap
        Base Address:           000d0000
        End Address:            000d9000
        Region Size:            00009000
        State:
        Protect:
        Type:
        Allocation Base:
        Allocation Protect:
        More info:              heap owning the address: !heap 0xd0000
        More info:              heap segment
        More info:              heap entry containing the address: !heap -x 0xd87f0

  • Slide 16: ?
    ? :

        0:001> ? 0n520 * 4
        Evaluate expression: 2080 = 00000820

    ? :

        0:001> ?
        Open debugger.chm for complete debugger documentation
        B[C|D|E][] - clear/disable/enable breakpoint(s)
        BL - list breakpoints
        BA - set processor breakpoint
        BP - set soft breakpoint
        ..

    Menu -> Help -> Index

  • Slide 17: Windbg

  • Slide 18: Workspace
    c:program files....windbg.exe -W [workspace ]
    Hyper Link
    .prefer_dml 1

  • Slide 19:
    blwdbgue.dll: Syntax Highlighting
    sdbgext.dll: STL (!sdbgext.stlvector, !sdbgext.stllist, !sdbgext.stlmap)
    CMKD.dll: x64

  • Slide 20:

        "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\windbg.exe" -W working -c ".prefer_dml 1 ; .load blwdbgue.dll;.load cmkd.dll;.load sdbgext.dll"

  • Slide 21: (no transcript text)

  • Stack Frame

        #include <stdio.h>

        /* Prints the computed sum. */
        void Print(int sum)
        {
            printf("%d", sum);
        }

        /* Adds the two arguments, prints the result and returns it. */
        int Sum(int arg1, int arg2)
        {
            int local = 0;
            local = arg1 + arg2;
            Print(local);
            return local;
        }

        int main(int argc, char* argv[])
        {
            Sum(3, 4);      /* EIP -> (marker from the slide) */
            return 0;
        }

    109105101xxxx Sum(3, 4); return 0;
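The `.exr`, `dv` and `!address` values in the transcript above fit together as an out-of-bounds heap read: `arr + i*4` lands exactly on the region's End Address. The check below is an added example, not part of the original slides; it parses the debugger output quoted above, and the register mapping `ecx = arr`, `eax = i` is an assumption because the slides do not show the registers.

```python
import re

# Debugger output copied from the transcript above (dumptest1 crash dump).
EXR = """ExceptionAddress: 00a0146f (dumptest1!SecondThreadFunc+0x0000004f)
   ExceptionCode: c0000005 (Access violation)
   Parameter[0]: 00000000
   Parameter[1]: 000d9000
"""
DV = "i = 0n516\nparam = 0x000d87f0\nsum = 0n1997962443\narr = 0x000d87f0\n"
ADDRESS = "Usage: Heap\nBase Address: 000d0000\nEnd Address: 000d9000\n"

# Element size comes from the faulting instruction on the page:
#   add edx,dword ptr [ecx+eax*4]
# Assumption (registers are not shown in the dump output): ecx = arr, eax = i.
ELEM_SIZE = 4
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}  # access violation Parameter[0]

def parse_number(text):
    """WinDbg prints 0n<decimal>, 0x<hex>, or bare hex."""
    return int(text[2:], 10) if text.startswith("0n") else int(text, 16)

def parse_dv(text):
    """'name = value' lines from dv -> {name: int}."""
    return {m[1]: parse_number(m[2])
            for m in re.finditer(r"^\s*(\w+) = (\S+)", text, re.M)}

def parse_fields(text):
    """'Key: value' lines from .exr / !address -> {key: first token}."""
    return {m[1].strip(): m[2]
            for m in re.finditer(r"^\s*([^:\n]+):\s*(\S+)", text, re.M)}

def triage():
    exc, local, region = parse_fields(EXR), parse_dv(DV), parse_fields(ADDRESS)
    fault = int(exc["Parameter[1]"], 16)
    base = int(region["Base Address"], 16)
    end = int(region["End Address"], 16)          # exclusive upper bound
    computed = local["arr"] + local["i"] * ELEM_SIZE
    return {
        "access": ACCESS_KIND.get(int(exc["Parameter[0]"], 16), "unknown"),
        "computed": computed,
        "index_explains_fault": computed == fault,
        "arr_in_region": base <= local["arr"] < end,
        "fault_outside_region": not (base <= fault < end),
        "first_bad_index": (end - local["arr"]) // ELEM_SIZE,
    }

if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value:#x}" if key == "computed" else f"{key}: {value}")
```

`first_bad_index` is the first element index whose address falls outside the region reported by `!address`; here it equals the `i` shown by `dv`.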